SIM Swap Attack – the New Hijack

SIM Swap Attack – the New Hijack

Imagine no texting, no service, and no data for a minute. Yikes! Halloween or not, the lack of being able to connect is a very scary thought and it can happen to any of us due to a tiny piece of plastic called a SIM card. There is a SIM (subscriber identity module) in every mobile device and it is what connects the user to a cellular network. Unfortunately, there is a wide-spread SIM swap hack that allows a thief to hijack your cell number.

 

Also known as a port out scam, simjacking, swim swapping, and SIM splitting … this latest scam can wreak havoc in all of your accounts associated with your mobile phone number. Everyone with a cell phone is at risk of this type of takeover. The PEW Research Center, a nonpartisan organization based in Washington D.C., reported this year that 96% of Americans have a cellular device and 92% of them go online daily. Considering that there are approximately 330 million Americans, that’s a pretty large target market from a hacking standpoint. No one is immune. A number of high profile attacks have occurred via Instagram and Twitter. The website wired.com reported that Twitter CEO Jack Dorsey’s own twitter account was hacked via this method this year.

 

What is a SIM Swap?

This type of scam is an account takeover fraud. It targets a weakness in two-factor authentication and two-step verification in which the second factor (step) is either a text message or a call placed to a mobile telephone. This is achieved by the fraudster impersonating the victim using personal details to appear authentic and claiming that they have lost their phone. The victim’s phone will then lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows them to intercept any one-time passwords sent via text or telephone calls sent to the victim, and thus to circumvent any security features of accounts (such as bank accounts, social media accounts, etc.) that rely on text messages or telephone calls.

 

Damage from a SIM swap can have a snowball effect. Since the scammer would be armed with your login credentials, not only can they steal your money, take over your email and social media accounts, but they can lock you out of them all and open up a new cellular account in your name … or buy that new phone you’ve been eyeing for months but won’t have the joy of using yourself.

 

Is a SIM swap preventable?

No. It’s impossible to completely prevent someone from gaining access to your phone number through a SIM swap due to the fact that the scam requires no misstep on your part (such as clicking on a bogus link). All the scammer needs to do is convince your carrier that they are you and to transfer your phone number to their SIM. As described by Michael Grothaus with Fast Company, “There’s nothing inherently shady with doing a SIM card swap. If you lose your phone or your SIM card is damaged, for instance, you might go to a mobile carrier store or even call up customer service to have your number transferred to a new SIM.”

 

Even though you can’t prevent a swap from happening to you, there are ways to make it more difficult for a scammer. Grothaus suggests to use an authenticator app such as Authenticator by Google, Microsoft AuthenticatorLastPass Authenticator, and 1Password. A single authenticator app can handle all your authentication codes no matter how many different accounts you use.

 

Other courses of action you can do to help prevent a swap include:

– Limit the personal information you share online. Identity thieves will find information to answer the security questions you may have set up to verify your identity. For example, if one of your security questions is, “What is my high school mascot?” and you list your high school name on your Facebook account and that information is not on a private setting, it’s not difficult for a good sleuth to figure out your mascot’s name.

– Set up a PIN for your cellular account and do not share it with anyone.

– Do not reply to calls, emails and SMS messages that could be a phishing attempt to request your personal data. Make sure to read our blog “Accidentally Clicked on a Phishing Link – Now What” to get up-to-speed on phishing scams.

 

The Federal Trade Commission offers a few tips on what to do if you suspect that you’ve been swapped:

– First, contact your cellular service provider immediately to take control of your phone number. After you re-gain access to your phone number, change your account passwords.

– Check your banking, credit card and insurance statements for unauthorized charges or changes to your profile.

– Call your identity theft resolution provider. A Guard Well Member Services team professional is always on hand for you 24 hours a day, seven days a week and every day of the year … yes, even Halloween. There are enough tricks flying around. Here’s to receiving a treat this year!

 

 

BBB’s Torch Awards for Marketplace Ethics

Join us in celebrating businesses and charities that go above and beyond to exemplify ethical behavior and create a trusted marketplace. We are a proud sponsor of the Better Business Bureau’s Torch Awards event, which will take place Friday, October 18th at the Sharonville Convention Center 11:30am – 1:30pm.

 

2019 Torch Award Winners include:

– Camp Joy

– The Basement Doctor of Cincinnati

– Ace Exterminating Co.

– Deviant Designs Tattoo Studio

– Impact 100, Inc.

 

We look forward to honoring these exceptional organizations. For more information and to reserve your seat, visit torchtickets.org or click HERE.

DoorDash Data Breach: How to Tell if You’ve Been Hacked

DoorDash Data Breach: How to Tell if You’ve Been Hacked

Remember when home-cooked meals happened six nights a week instead of just during the holidays? I don’t really do either. Delivery is indeed a major convenience though. From groceries and prescriptions to corporate lunches, family dinners and late night snacks, if you can order it on an app, such as Uber Eats, it can be on your doorstep in about an hour. Yes, delivery is a major convenience but, just like with everything in life, there are risks and your data can be compromised. Just ask the almost $5 million DoorDash users, merchants and workers who were recently hacked. Hits a little too close to home.

 

Consumer behavior, along with the concept of dinnertime itself, have both evolved in the past few years, making food delivery one of the the newest up and coming fads. The industry, referred to as third party logistics, is experiencing “unprecedented growth to the tune of $43 billion in deliveries (2018) and is forecasted to rise to $76 billion by 2022.” As reported in Barron’s, GrubHub this past spring was losing the food-delivery war with DoorDash stealing the show. “For the industry, DoorDash’s pace of share gain is the dominant trend,” reported KeyBanc analyst Andy Hargreaves, March, 2019. DoorDash just recently surpassed Uber Eats as the second-largest food-delivery service in the U.S. after GrubHub. We regularly use all three providers, but with a preference for DoorDash only because of the availability of restaurant choices.

 

What actually was hacked?

The latest report according to Business Insider, detailed that the breach occurred in May and affects some users who started using the DoorDash app before April 5, 2018…. “DoorDash said an unauthorized third party was able to access some users’ profile information, including names, email addresses, delivery addresses, order history and phone numbers.” The article continued to report that the last four digits of some consumers’ credit cards were also accessed, but not full card numbers or CVVs. “For some delivery workers and restaurants, the unauthorized third party accessed the last four digits of bank-account numbers.” DoorDash did announce that the “credit card and banking information is not sufficient to make fraudulent charges or withdrawals.” That gives us a little peace of mind. Maybe.

 

How do you know if you were hacked?

DoorDash reported to Business Insider that it had begun contacting people affected by the data breach and will continue to do so as they become known. The company did recommend that even those who hadn’t been contacted by DoorDash regarding the breach should still change their password immediately to be safe.

 

– If you signed up for DoorDash after April 5, 2018, your data is likely safe. If you can’t recall when you signed up, contact them to find out.

– Check your bank account(s) which are tied to your DoorDash account for fraudulent activity. Hackers count on people not reviewing every item on their credit card and bank statements.

– Contact your identity theft solutions provider immediately and especially if you notice anything “off” in your statement(s).

– Do you use the same password for multiple accounts? We recommend that your passwords are updated on a routine basis and that the same one isn’t used across multiple accounts.

 

Hackers will continue to hack. That is a definite certainty in this day and age. When we set up any type of home delivery, it is unnerving to not be able to trust that they will keep us safe as well as our food. Maybe we all should go back to those home-cooked meals … now, how do you turn the oven on again?

 

Need help? Our Member Services team is here for you 24/7/365. Call us at 888.966.GUARD (4827) or email memberservices@guardwellid.com.

 

References:

Fortune. Morris, Chris. “DoorDash Data Breach: What to Do If Your Account Was Compromised.” September 27, 2019.

Business Insider. Holmes, Aaron. “DoorDash Hack: How to Tell If You’re Affected.” September 26, 2019.

Accidentally Clicked on a Phishing Link – Now What

Accidentally Clicked on a Phishing Link – Now What

You know that searing flush-faced feeling when you pretty much know you made a mistake with a slip of the finger? Sometimes it’s sending a text too soon or responding to an email without editing your response. Other times it’s when you click on something you likely shouldn’t have … and then the “uh oh” escapes … and then the big sigh.

 

When we multitask, whether it is at work or at home, we do tend to slip up at times and open something that we shouldn’t. Then enters adware, malware, ransonmare, spyware, and whatever-else-is-next-ware into our lives.

 

Oops! Now what?

 

There are some imperative steps to take to alleviate harm to you and/or the network you may be connected with:

– Try not to panic. This happens to everyone. Antivirus and anti-malware will come into play and you will need to have a full system scan. But first …

– End the session immediately by turning off Wi-Fi, unplugging from an ethernet cable or completely shutting down all of your devices.

– Initiate a back up of your files. Since you won’t be connected to the internet at this point, you won’t be able to accomplish this to the cloud. Having an external drive, DVD or thumb drive are always nice to have on hand during times like these.

– Change your login/password to email account(s) and enable two-factor authentication if this hasn’t already occurred.

– If you are employed by a company or organization, reference your manual and let your network administrator know of the potential issue.

– After all is said and done, check your antivirus/anti-malware software and run a full scan.

 

Being informed of what steps you may need to take before a slip up happens can help ease the potential damage (and your stress level) if it does. As always, if you need help or have any concerns, we are available 24/7/365 for you.

DNA – Genetic Testing Hacks

Yes, we all would love to know more about our pasts … some from a medical necessity and others just from plain curiosity. Unfortunately, genetic testing is one of the newer “gotcha” identity theft hacks. The U.S. Department of Health and Human Services of Inspector General has just alerted the public about this new fraud scheme.

 

What is Genetic Testing?

According to the U.S. National Library of Medicine, genetic testing is a voluntary medical test “that identifies changes in chromosomes, genes, or proteins. The results of a genetic test can confirm or rule out a suspected genetic condition or help determine a person’s chance of developing or passing on a genetic disorder.” With more than 1,000 genetic tests currently in use, genetic testing labs are sprouting up all over the country, and in some circumstances, health insurers now pay for the testing. For example, the Centers for Medicare and Medicaid Services pays for next-generation sequencing for people with advanced cancer or a family history if the test is medically necessary and ordered by a treating physician. These tests may cost $10,000 or more.

 

How Does Genetic Testing Fraud Happen?

Genetic testing fraud occurs when, in this case, Medicare is billed for a test or screening that was not medically necessary and/or was not ordered by a treating physician. For example, Mr. Smith, a retiree, attended a county fair and stopped by a booth offering “free genetic testing.” Not realizing that a treating physician’s orders would be needed for Medicare to cover the cost of the test and being naturally curious about his family’s risk of cancer, Mr. Smith provided his Medicare personal identifying information to the booth worker prior to getting his cheek swabbed. In some cases, sample kits are mailed to the victim. He was then told to expect test results in about three weeks. Medicare was billed for the test and denied the claim. Mr. Smith was then charged the full amount of the test and likely never received his results. Basically, Mr. Smith’s scammer found a laboratory willing to split the profit from the testing once the DNA samples were in hand.

 

How Can I Prevent This?

– If a genetic test is mailed to you unsolicited, do not accept it. Just write ‘return to sender’ on the envelope and send it back.

– Understand that there are schemes that say genetic testing is free. Although it may falsely appear as a no cost test, realize that there are no free genetic tests. Someone always has to pay.

– Only a physician that you know (and trust) should be discussing genetic testing with you or ordering it.

– If someone you do not know asks for your health insurance or Medicare information, do not provide it. Only provide this type of information in person at your physician’s office.

– Be aware that anytime your personal information is compromised, it may be used in other fraud schemes. Closely monitor your credit report and make sure your identity theft resolution services coverage is current.

 

If you suspect genetic testing fraud, please contact the HHS OIG (U.S. Department of Health and Human Services – Office of Inspector General) hotline at 1.800.HHS.TIPS or email spoof@oig.hhs.gov immediately. Not sure what to do or have concerns about this topic? Contact us day or night. We are always open for you.

 

 

Zoofari 2019

Zoofari 2019

Join us! We are a proud sponsor of Cincinnati Zoo & Botanical Garden’s Zoofari event, which will take place Friday, September 13, 2019 from 6:30 pm to midnight. This year’s theme is A Masquerade Ball.

 

Zoofari attracts over 2,600 guests and raises integral support for the Zoo’s initiatives, including the care and sustenance of more than 500 animal and 3,000 plant species, ground-breaking conservation efforts and educational outreach programs that reach more than 330,000 students annually.

 

The event is usually sold out so get your tickets fast. We hope to see you there!

 

Follow #Zoofari2019

Capital One Breach Alert – 100 Million Impacted

The Wall Street Journal reports that this latest massive consumer data breach stands to be one of the worst for U.S. consumers because of the type of financial information that was accessed. The hacker accessed personal information of Capital One credit card customers and applicants in the U.S and 6 million in Canada. “This valuable consumer financial information can be used to figure out the identities of the most creditworthy or affluent consumers and open a card or loans in their name.” READ MORE

 

Take Action
Though Capital One says login information wasn’t compromised in this hack, reusing old passwords is a major security vulnerability. We suggest that you immediately:

– Change your passwords

– Set up two-factor authentication

– Closely monitor your credit card activity and credit reports

We Are Here to Help!
Please contact our 24/7/365 Member Services team at 888.966.GUARD (4827) if you think you may have been a victim. You can also visit our website and click on Let’s Talk, where you can:

– Schedule an in-person meeting or call

– Make a payment

– Send us a file

– Leave us your comments

– Access your account

– Click-to-call Member Services immediately

Guard Well Founder and CEO Panelist in HR Forum Discussion

Guard Well Founder and CEO Panelist in HR Forum Discussion

On Thursday, June 13, 2019 the Cincinnati Business Courier hosted a live panel discussion with industry experts concerning the ongoing changes and critical issues impacting Human Resources. The panel covered a a variety of topics including workforce issues around employee engagement, retention strategies, organizational development, compensation, benefits and educating tomorrow’s business leaders. Our Founder and CEO, E. Allan Hilsinger, was among three of the panelists. Other industry experts included Deirdre Bird, Director of HR Consulting, VonLehman CPA & Advisory Firm and Brian Dershaw, Partner, Taft, Stettinius & Hollister LLP.

 

You can read the entire discussion HERE.

Top 10 Identity and Access Management Solution Providers – 2019

Top 10 Identity and Access Management Solution Providers – 2019

An Intelligent Way to Protect Your Employees

Guard Well Identity Theft Solutions was listed as one of the “Top 10 Identity and Access Management (IAM) Solutions Providers – 2019” in Enterprise Security Magazine. “What has intrigued us the most is that Guard Well always takes the driver’s seat in addressing the identity theft and restoration challenges through its full resolution solutions, cutting edge advanced monitoring tools and proprietary API technology. The company has been on the pinnacle in combining their 24/7 availability and an intense focus on customer service to provide the best IAM solutions today,” remarked Michael Brown, Managing Editor.

 

You can read the entire article HERE.

Guard Well Presenting Sponsor BBB Torch Awards

Guard Well Presenting Sponsor BBB Torch Awards

For the past 18 years, the Better Business Bureau (BBB) and the BBB Center for Ethics have given awards to students, businesses and nonprofits at the Torch Awards for Marketplace Ethics for aligning with their mission – to provide ethics education, direction, and recognition to the community, for the purpose of strengthening the career lives of future and current employers and employees. The BBB Center for Ethics believes the ideal workplace is built by a superior workforce.

 

The 18th Annual Torch Awards was held on October 19th and hosted 240 guests and around 70 businesses and nonprofits represented from the Greater Cincinnati, Northern Kentucky and Southeastern Indiana areas. “We have the privilege to learn about many businesses who truly value ethics, especially in industries that we don’t typically think make it a priority. It’s inspiring to see companies that strive to be the best of the best for consumers who are looking for trustworthy businesses. It’s not an easy application and not easy to win…and shouldn’t be for this sets the good and the great apart,” says Trisha Sefakis, Director of Communications for the BBB.

 

“We were thrilled to be the presenting event sponsor for this extraordinary event,” remarked E. Allan Hilsinger, Founder and CEO of Guard Well Identity Theft Solutions, LLC.

 

To learn more about the BBB Torch Award Ceremony, the honorees and award recipients, please click HERE.